Domain registrars: the next attacked weak spot

Earlier today some Turkish defacers broke into the New Zealand-based registrar Domainz.net (which belongs to MelbourneIT) and redirected some of their customers' high-profile web sites to a third-party server with a defaced page. Companies which had their New Zealand web sites defaced include Microsoft, HSBC, Coca-Cola, F-Secure, Bitdefender, Sony and Xerox.

The hacked websites carried the messages "Hacked by Peace Crew" and "STOP THE WAR ISRAEL". In addition, the crackers inserted a picture of Bill Gates cream-pied on the Microsoft defacements.

http://www.zone-h.org/news/id/4708

They simply used an SQL injection in the management software of the domain registrar to change the IP addresses of the domain names.

WOOOOOWWW

Imagine doing that to a bank or a high-level e-commerce site.

Imagine sending their visitors to a fake security software download or a zero-day exploit virus.

Time to give security certifications to domain registrars BEFORE they can (continue to) sell any domain names online?

Time to lock your domain name so that NO CHANGE at all can be made ONLINE to ANYTHING without confirmation on paper (fax). If you are high level, you have to treat your domain names as high security, and if you don't have the manpower or knowledge to manage this yourself, you should hire a specialised agency to do that for you.
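The class of flaw mentioned above, SQL injection in a registrar's record-management code, shown as an added example that is not from the original post or from the registrar's software: the weak update query beside its parameterized form. The table layout, function names, owners, domains and the crafted input are all constructed for illustration; the post does not describe the actual query that was abused.

```python
import ipaddress
import sqlite3

def make_db():
    # Constructed, hypothetical registrar table: one A record per domain.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (domain TEXT PRIMARY KEY, owner TEXT, ip TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?)", [
        ("shop.example", "alice", "192.0.2.10"),
        ("bank.example", "bob", "192.0.2.20"),
    ])
    return db

def update_ip_vulnerable(db, owner, domain, new_ip):
    # Weak form: request fields are pasted into the SQL text, so a quote in
    # `domain` rewrites the WHERE clause and the owner check no longer holds.
    sql = ("UPDATE records SET ip = '%s' WHERE owner = '%s' AND domain = '%s'"
           % (new_ip, owner, domain))
    return db.execute(sql).rowcount

def update_ip_hardened(db, owner, domain, new_ip):
    # Validate the value (raises ValueError if it is not an IP address), then
    # bind every field as a parameter so input can never become SQL syntax.
    ipaddress.ip_address(new_ip)
    cur = db.execute(
        "UPDATE records SET ip = ? WHERE owner = ? AND domain = ?",
        (new_ip, owner, domain))
    return cur.rowcount

def ips(db):
    # Current domain -> IP mapping, for comparing before and after.
    return dict(db.execute("SELECT domain, ip FROM records ORDER BY domain"))

def demo():
    crafted = "shop.example' OR '1'='1"  # constructed input for the domain field
    weak, strong = make_db(), make_db()
    weak_rows = update_ip_vulnerable(weak, "alice", crafted, "203.0.113.66")
    strong_rows = update_ip_hardened(strong, "alice", crafted, "203.0.113.66")
    return weak_rows, ips(weak), strong_rows, ips(strong)

if __name__ == "__main__":
    print(demo())
```

In the weak form a single request from one customer rewrites every customer's record; in the hardened form the same input matches no domain and nothing changes.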

As with most things in cyberspace, the management of things becomes even more important than the launching or buying of things. People start their projects but don't calculate the costs for the permanent management and forget about it.

This is maybe a whole new business for domain registrars and will make the difference between the amateurs and the professionals.

Because if you click on the listings for the three members of the clan that made the attacks, they are truly high-level hackers who only attack very specific targets, and only in a way that is remarkable. They are not the "script kiddies" running some automated attack tool.

We always said that you have to stop automated attacks as far away from your infrastructure as possible (at the router) to be able to monitor the targeted attacks by the powerful. If they can hide among thousands of scans, you will never see them.
